The Tech Chorus DevOps Platform

In the last decade, the way people develop and deploy software has evolved drastically. There is an amalgamation of various sub-disciplines such as

• IT engineering - primarily deals with hardware and networking infrastructure
• System administration - responsible for managing servers in the rack, data center or at a colocation service
• Cloud infrastructure engineering - exclusively manage the infrastructure in the public cloud
• Platform engineering - build and maintain a platform to deploy software applications. Shields the users from the complixity.

All of these sub-disciplene can be called DevOps engineering.

In a previous series of blog posts, we discussed the Kubernetes objects typically used to run a web application. We covered, Namespace, Pod, ConfigMap, Secret, Service, Deployment, ServiceAccount, Ingress, PDB, HPA, PV, PVC, Job and CronJob.

In this post, we will discuss some fundamental building blocks for the Kubernetes cluster administration: RBAC objects.

In most situations, Kubernetes API server is started with the flag --authorization-mode=RBAC which enables RBAC in the cluster.

Purpose Of Having Naming Conventions For An Ansible Project

• Consistency: Adopting a naming convention standardizes naming across the project and organization. This makes it easier for developers to switch between projects. Typically, an organization with an infrastructure team will have several Ansible projects and source code repositories. A developer working on one such Ansible project can seamlessly switch to another given a standard naming convention.
• Error Reduction: With improper naming there can be pitfalls. For instance, using hyphens(-) in variable names can cause parsing errors since Ansible might interpret them as the minus operator. Standardizing naming for variables can help avoid collisions.
• Readability: With a standard naming convention, it helps developers to find variables, files and tasks quickly.

Naming Conventions For Ansible Roles And Playbooks

• Role name : use lowercase letters and hyphens to separate words: For example, web-server or database-backup.
• Task file name: user lowercase letters and underscores to separate words. When statements such as include are used, it is convenient to have file names without hyphens. For example: install_web_ubuntu.yml
• YAML file extension: yml instead yaml. To be consistent and succinct.
• Task name: start with a verb: Use an action verb at the beginning of the task name to indicate what the role does. For example, Install Nginx or Configure firewall. Start with a capital letter. No need to end with a period for a few words of task description.
• Variable name: lowercase letters and underscores to separate words. The variable must start with the role name. For example, if the role name is nginx, the variable name should be nginx_default_hostname.

Content Guide

• Always include a README file for the role. Describe in detail how to use the role. Create a table to show the role variables and their defaults.
• Include automated tests using Molecule.

Architecture 1: Kubernetes Control Plane Without HA

Create three Virtual Machine guests on your laptop or workstation.

• VM 01 - Kubernetes Control Plane
• VM 02, VM 03 - Kubernetes Worker nodes

Architecture 2: Kubernetes Control Plane With HA

Create five Virtual Machine guests on your laptop or workstation.

• VM 01, VM 02, VM 03 - Kubernetes Control Plane with HA
• VM 04, VM 05 - Kubernetes Worker nodes

Use the Kubeadm tool to create the cluster.

In the Kubernetes Objects Required For A Typical Web Application post we talked about few Kubernetes objects that a web application developer should get accustomed to. In this post, we will extend the series and talk about more objects that can help web developers scale their applications.

As we delve deeper into Kubernetes topics, the demarcation of roles and skill sets start to reveal. In larger organizations, a dedicated team of infrastructure engineers design and make choices of network topology, IAC tooling and orchestration of the Kubernetes clusters and CI/CD pipelines. Typically, such DevOps engineers manage scaling and storage by installing the required controllers and CSI drivers. Application developers whose applications are deployed on the cluster maybe able to tune certain parameters of certain objects to manage the scaling needs of their applications. Depending on the situation, the developers maybe able to request and use storage volumes with certain restrictions. Regardless of the organization’s team structure, you should be able to learn about these Kubernetes concepts and objects and play with them locally on your laptop using Minikube.

In a previous post, we discussed using age to manage secrets in Git repositories. In this post, let’s improve our secrets management workflow in Git repositories using SOPS.

sops is an editor of encrypted files that supports popular configuration formats such as YAML and various encryption techniques such as age.

Read the blog post about age to install the package and creating the key file.

This time, we will use sops to perform encryption and decryption operations instead of the age command.

There are many applications and technologies enabled by VPN. We will focus on one of them in this post: client VPN.

Connecting To A Private Network

If the server you are trying to access is on a private network, you can use a VPN to connect to the network as if you were physically present on the same network. This can be useful if you need to access resources or devices that are only available on the private network.

Once upon a time, Apache was the de-facto web server solution. Later, Nginx became popular. If you are getting started with DevOps and Linux system administration, I would recommend you to start with Nginx.

Start With A Static Website

What is a static website? A website made from HTML and CSS. And maybe some JavaScript, images, videos, fonts, etc. The key takeaway is that there is no server side application involved. Install the Nginx web server on your Linux VM. Configure it to serve a static website. You will need a static website as a per-requisite. Create a static website by assembling some HTML, CSS, JavaScript and images. Optionally, add some fonts and videos. Access the website from your web browser by typing the IP address of the web server in the address bar. Take it to the next level by pointing the DNS A record of your domain to the VM. For our purposes, a fake domain or a local unregistered domain is sufficient. Manipulating /etc/hosts is also fine. Enjoy viewing the website from the browser.

Are you storing secrets such as database credentials, API keys, etc. unencrypted in Git repositories? Stop.

To protect your secrets, do not store them anywhere unencrypted. Especially in Git repositories. Ideally, your organization must have some vault solution where secrets can be stored and securely shared with people on a need-to-know basis. In many small organizations, having such a central secrets management solution is still a luxury. The need to store such secret information in Git repositories is obvious. There are a few ways in which you can encrypt secrets. We discussed using Ansible Vault in one of the previous blog posts.

Introduction

If you have chosen the DevOps engineering path for your career, Linux system administration skills are a must. Companies run their workloads on Linux on-premise as well as in the cloud. Many developers write software on their Linux laptops and workstations. In this post, I will lay out a plan to master Linux system administration skills. The journey begins with you becoming a Linux desktop user. Gradually, you start using your laptop as a Linux server. Become more productive and create your own labs using virtualization. You will be able to simulate a lot of Linux infrastructure scenarios on your laptop.